Secrets-Oriented Workflows and Infrastructure

Immutability is developing a set of tools and protocols to curate and provision credentials, access controls and secrets-oriented infrastructure.

Managing fine-grained access controls and the provisioning of application credentials at scale has always been fraught with complexity.
Add to that the compliance challenges of operating in a regulated environment and the operational constraints of heterogeneous environments (cloud and on-prem), and things get harder. And now we have blockchain...

Concept

The Primacy of Secrets-Oriented Infrastructure and Workflows

The use of secrets underlies all of information technology - both legacy and modern. Strangely enough, the workflows for managing secrets and their access controls have rarely been effectively automated in CI/CD systems. They have often been treated as ad hoc, exceptional processes with piecemeal automation.

We at Immutability believe that secrets-oriented workflows and infrastructure should be treated as first-class citizens in any automation landscape. So we have developed an innovative as-code approach to automating the entire lifecycle of secrets, access controls and the infrastructure that supports them.

Workflows, access controls and infrastructure all require governance. At the heart of our model is a curation mechanism that incentivizes quality code committers and disincentivizes deployments that don't reflect the values of stakeholders.

The Immutability Model

The main tenets of our approach

Automation is Key

Requests for access are scanned for correctness and then automatically applied. Secure introduction is automated. Renewals and rotations are automated. Even the process of moving from cold storage is automated.

It's Just Git

Want a new policy? Submit a pull request. Want a new secret? Submit a pull request. Want your infrastructure to scale differently? Submit a pull request. Everything is versioned, audited, linted and analyzed in a familiar GitOps flow.

As-Code

Policy is code. Infrastructure is code. Governance mechanisms are code. Workflows are code. Because everything is code, the intent of any action regarding the lifecycle, access and distribution of secrets is knowable.

Security

Every secret is encrypted at rest and in transit. Cryptographic keys never leave secure enclaves. Access is through short-lived tokens governed by fine-grained access controls. Credentials are rotated frequently. Revocation workflows are automated so as to maintain availability.

Risk is Transparent

If a secret provides access to a valuable resource, this is clearly visible in code. If a policy allowing access to that secret is risky, the curation mechanism will make that apparent.

Ownership is Paramount

Every secret is correlated to the owner(s) of the resource it is connected to. Resource owners preside over the process - they approve or reject access. Risk can be assumed at the discretion of stakeholders.

How Can Immutability Help?

While we are developing our products, we can offer:

Expert Advice

The Immutability team has years of experience designing, securing and operating enterprise-class systems at scale.

Custom Builds

The team maintains several OSS projects including HashiCorp Vault and Terraform plugins, Ethereum and Bitcoin wallets, and static security analysis of AWS infrastructure.

Community

The League of Immutable Gentlepeople is an open community that exists to share experiences, advice and code. Connect with us.

We need immutability to coordinate at a distance and we can afford immutability as storage gets cheaper...
